3 matches found
OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval
Impact: OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval. The pairing approval method accepted `operator.write` instead of the narrower pairing scope and admin requirement for exec-capable nodes. OpenClaw is a user-controlled...
CVE-2026-27943
OpenEMR (versions up to 8.0.0) contains an access control flaw in the eye_exam (eye_mag) view: data is loaded by form_id without verifying the form belongs to the current user’s patient/encounter context. An authenticated user can access or edit any patient’s eye exam by supplying a different for...
PT-2026-22100
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by form_id or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...